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ABSTRACT: This work presents an algorithm to cipher color images using a hybrid ciyptosyslem, one winch is symmetric 
FIPS-197 and the other an asymmetric elliptic curve being a nonsingular y 2 = x 3 + Ax + B(modp) over Z p (ECC). The 
construction of the hybrid crypiosyslcm proposed has two important aspects: the first is the generation of a random number, 
which we will cally, of the same prime length finite fleldZ p . The issuer figuresy ECC with point compression technique, in 
such a way that the result is a string encryption twice the length of the string representing p plus an extra byte calledy*. The 
second aspect is to multiply a y* by the transcendental numbem and the resulting product is taken right of the decimal 
point for the length of the image in bytes. Subsequently, it performs the XOR operation of this with the image bytes 
generating!* . I* divides into sections of length equal to y and each section is applied to the XOR operation with y tints 
resulting in an encrypted image. The issuer encryptsy* with AES with the key K 1 resultingy" , turns the transmitter keyK 1 , 
encrypts with our private key by generating ECCK . Consequently, the issuer sends the receiver the encixpted image and the 
ordered pair(y** , K 1 ); this with their private key to perform the reverse process to obtain the original image. The security of 
this cryptosystem is in the size y* as this can have a size of over 225 bytes (if taken top > 10 270 J and would have to prove 
more than 2 225x8 — 1 possible blocks depending on the size ofp. 
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The proliferation of computers and the Internet boom that has happened in recent years has made it possible for 
anyone to distribute any type and amount of information easily. There are many numbers of applications that make use of the 
latest exchange systems information across Wifi networks, fiber optic networks, satellites, etc. In the exchange of 
information and thanks to the popular use of mobile computers, now sharing images is a very important part in our daily 
lives. However, the importance of images exchange not only applies to our everyday life, such as military class databases 
which have images of maps with locations of secret facilities, or in the banking industry where millions of dollars are 
invested daily in the exchange of images containing highly sensitive information. Therefore, much research has been 
developedon ciphering and deciphering images in which one of the main objectives is to recover the original image from the 
cipher image without some data loss. To achieve this, it is necessary to ensure the confidentiality, integrity and authenticity 
of the transmitted image. 

In literature different proposals can be found such as the development of a cryptosystem whichcan cipher images 
using chaotic logistic maps [1]. These have an advantage over traditional algorithms such as high security, speed, etc. 
Another example of this type of cryptosystem is the one in which the encryption is based on DNA sequences [2]. The main 
characteristic of this algorithm is to reduce the cipher time of a very large image (such as FullHD). There are cryptosystems 
where a change has been made to the algorithms that are within the international standard as DES [3]. In this proposal the 
Triple-DES algorithm has been modified, based on the initial permutation that begins the algorithm's rounds [4]. This permits 
each data ciphered generates a different dynamic permutation. There is another work in which image encryption is based on 
how the Rubik cube rotation generating its sequence to be sorted [5]. This article intends to use Elliptic Curve Cryptography. 
The ECC has been researched very much over the past 30 years and importantly has been used to solve Fermat's Last 
Theorem [6]. 

Elliptic curves were introduced by Neal Koblitz [7] and Victor S. Miller in 1985 [8] independently, and since then, 
this has been a vast research area in which mathematical work has been developed with this tool. One application is where 
the ECC has been a digital signature algorithm [9-12] which can be used to replace existing algorithms with equal or greater 
security. ECC also has been applied in security systems based on radio frequency [13]. Regarding the image encryption with 
this mathematical tool, there is a paper that makes the image encryption based on a mapping from a point on the curve for 
each image pixel [14, 15]. Based on a point table associated with each point of the curve, each pixel is transformed into its 
corresponding encrypted pixel. Although this sounds feasible, the problem with this is to know the order of the field that 
generates the curve. A system with a similar target develops random sequences generated by the cyclic group of the elliptic 
curve [16]. A crypto system is proposed that generates a random number known as NONCE which transforms the message 
akin to a point on the elliptic curve [17]. There are many hybrid cryptosystems (such as this article) as shown in [18], which 
combines chaotic maps with ECC and there is another which is based on using ElGamal homomorphism for ECC [19]. 

Another feature of this work is the ability to cipher an image (say FullHD) in a fast enough time and achieve good 
encryption information thanks to the method proposed. To achieve this, we have applied the use of transcendental numbers 
(in this case7r) [20, 21] to achieve this goal, which also created a hybrid cryptosystem which uses ECC and AES encryption 
to ensure the strengthening of the image. 
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II. PRELIMINARIES 

A nonsingular elliptic curve is the solution set of the equation y 2 = x 3 + Ax + B (mod p) and must satisfy 
4A 3 + 27B 2 ^ 0 (mod p). Therefore; the equation condition ensures that there are 3 different solutions. Elliptic curve points 
form an additive abelian group with 0 as the identifying element that satisfies the properties: commutatively, existence of 
identity and associativity [22]. 

Let Fbe an elliptic curve and i\ = (*i,yi), P 2 = (.x 2 ,y 2 ) two points over Fwith P_l, P 2 ^ 0. We define i\ + 
P 2 = P 3 = (x 3 ,y 3 ) as follows: 

1. lfx 1 x 2 , thenx 3 — m 2 — x^ — x 2 ,y 3 = m(x 1 — x 3 ) — y x , where m = yz yi 

2. If x t = x 2 buty! ± y 2 , then P l + P 2 = 0 

3. If P 1 = P 2 andy ^ o, thenx 3 = m 2 - 2x u y 3 = m(x 1 - x 3 ) - y 1; where m = 3x ^J A 

4. If P_l = P_2 andy_l = 0, then?! + P 2 = 0. We define P + 0 = P for all points P overF. 

The curve's cardinality Fon F q , corresponds to the point number that is generated in the field. It is a very important 
issue in safety cryptosystems since it depends on the cryptosystembeing sufficiently robust.The Hasse-Weil theorem relates 
the point number ofthe field size and for counting the pointgroupSchoof s algorithm can be used. For calculating a root and 
finding the generator for an elliptic curve E, we Z~ = 1 modp, if p = 3mod 4, it is given by ±Z~ = 1 modp, this will 
help us in order to find the field generator which solves the equation y 2 = x 3 + Ax + B (mod p) [22-26]. 
The compression point operation can be expressed as: 

Compression_Point::£'\(9 -> Z p x Z 2 

And is defined as: 

Compression_Point(P) =P = (x,y mod 2) , where P = (x,y) £ E 
Algorithm 1 shows the inverse operation (Descompression_Point) to recover the elliptic curve point P — (x, y) 
of (x,ymod 2). This algorithm computes Vzmod p. 
Algorithm 1: Function for recovering the compression point 
Require: axis x, byte i 
Ensure: Point P. 

1: procedureDescompression_Point(x, t) 
z <- x 3 + Ax + B 

ifz is not quadratic module remainder p then 
return "(fail)" 



else 



y <- Vz mod p 
ify = i(mod 2) then 
return (x, y) 



L3: 



else 
end if 



return {x, p — y) 



end if 
end procedure 



III. PROPOSED MODEL 

The proposed hybrid cryptosystem is the combination of AES symmetric system and the elliptic curve as the 
asymmetric encryption, but to generate a good disordering of the image, the decimal numbers of n are used. 

1. This cryptosystem has two important aspects: The random number generation. In this step we proceed to generate a 
random number r\ where 1 < r] < #E(fp) — 1. This number is encrypted with the point compression technique 
described above. The data encryption M- 1 of length 21 + I where/ — -, t = log 2 (p), will be used as a private random 
key cryptosystem. 

2. Secret number. Where M- 1 will serve to multiply by n since n is a transcendental number. All decimals of this number 
are not periodical, the multiplication by M- 1 with the other number would generate another transcendental number. This 
result, calledF, will be used to clutter an image. 

Definition 3.1 M- 1 is the result of encrypting the random number rywhere 1 < r\ < #F(/p) — 1, the compression 
point scheme is used and (p = (^(n). 

Since ^and 0 are very large numbers, these are stored in strings of bytes depending on the size of each, i.e., these 
numbers are arrays of bytes which are treated as large integers. 

Let's suppose that we have two entities ^4and B. Entity A sends an encrypted image to entity B, therefore :.4andZ? 
agree with each other to use an elliptic curve cryptosystem and follow the entire procedure described in [27]. 
• AandB have already chosen their private keys for ECC, but A needs to choose a key for the AES asymmetric system 
which we will call p. 

To encrypt an image I mxn of sizem X n, where mis the rows and n the columns, A must follow these steps: 
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1. Read the image I mxn and generate a string of bytes buff Image of size m X n X 3 for color images of 24 bits of 
resolution. 

2. Read n of a file previously generated. .Ashould read 7rthe same size of the image / mxn in a string of bytes. Only the 
numbers are taken after the decimal point, the integer number of n is not taken. 

3. Generate random number ^according to Definition 3.1 with its private key a, for the data format follows the 
procedure used in [27]. 

4. Generate random number 0 according to Definition 3.1 using the string n in numerical representation. 

5. v4must encrypt a ^ by AES through its key pm this generate M- 1 '. 

6. i4encryptsits private key p ECC and formatting data using [27], this will generate an encrypted key p'. 

7. pshould perform the operation buffCipherlmage — (p © buff Image, the result will scramble the image the first 
time. 

8. i4must divide buffCipherlmage in blocks of 21 + 1 bytes and each block buff Blocks where i = 0,1,2,...,^^- 
1 and A must perform buff Blocks — buffBlock L © 4- 1 by each block. With this A has encrypted all the image 
information. 

9. Now A saves the image and proceeds to save the t-blocks, then A can send to BM- 1 ' and p' which are used for 
obtainingthe original image. 

Therefore A has already encrypted the image and sends the encrypted key p' by using ECC and M- 1 ' that was 
encrypted with AES. 

B In turn, upon receipt of the encrypted image, should do the reverse process as follows: 

1. B gets p' and y ¥': 

a. The key p' which must decode ECC through its private key k, obtaining the key p. 

b. The block M- 1 ' that is encrypted with AES is decrypted with the key pto obtain^, recalling that this block is used to 
operate with the image as a random number. 

2. fishould read n according to the image size. 

3. ^proceeds in reverse, i.e. operates as in step 8 and then operates according to step 7. £? obtains the original image. 

IV. EXPERIMENTAL RESULTS 

The experiment that was carried out to test this algorithm was performed on a 2.4 Ghz core i7 with 8 Gb Ram. The 
way quality encryption is determined is with the proposal made in [4], using j 2 . With this procedure and plotting the 
frequency histogram we can determine if the procedure performed was successful. Table 1 and figure 1 show different 
picture sizes over time encryption of this hybrid cryptosystem for the procedure used in [4] and the value of j 2 . For 
obtaining these results the curve called P-521was used [28], and also the number prime which is given there. 

The security offered by this hybrid cryptosystem, lies in the generation of a random numberthat is obtained by the 
process of the elliptic curve encryption. This number according tothe prime number that was used to build the field Z p is 
about 10 150 , which is generated by a string byte with a length of 66 bytes having a length of 133 bytes (This size can vary 
accordingto the size of the prime number that generates Z p ). 



Tablel: Comparison between our hybrid cryptosystem and Triple PES 96 . 



Size 


Hibrid 


Triple DES 96 


Time(se,g.) 


x 2 


Time (set?.) 


x 2 


320x200 


0.279 


755.2238 


1.890 


750.1360 


320x240 


0.161 


741.2381 


2.609 


722.5999 


640x480 


0.269 


793.3555 


9.101 


810.5983 


800x600 


0.270 


734.9383 


14.860 


761.9178 


1024x768 


0.292 


761.0994 


24.203 


807.7024 


1280x768 


0.335 


741.3931 


28.532 


715.9650 


1280x1024 


0.439 


742.6301 


35.953 


715.0464 


1440x900 


0.411 


802.7540 


36.365 


798.0950 


1600x1024 


0.436 


747.6839 


49.703 


761.0825 


1600x1200 


0.591 


827.8274 


54.125 


773.3616 


1920x1080 


0.469 


716.1687 


58.250 


760.9197 


4096x3112 


2.146 


798.2641 


384.422 


886.2007 
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Figure 1: Original images, encrypted images and histograms for different image sizes. 



For attacking this cryptosystem, we should know the random number and we should know the private key that uses 
ECC. ECC's strength lies in solving the discrete logarithm problem for elliptic curves [9, 22] and also the private keys of the 
sender and receiver being 256 bits. The random number to be sent to the receiver is encrypted using AES with a 128-bit key 
and this key is encrypted with ECC using the sender's private key. In order to know the random number, we should break 
both, ECC and AES to obtain it. Yet another way to obtain it would be to try all possibilities to generate the number and 
validate with multiplication times n. In this example, the number is 133 bytes so we should prove 2 133x8 — 1 operations, but 
this computationally is very expensive. 

Table 2 shows that the security of this cryptosystem increases if we use a prime number to generateZ p . 

T able 2: Security of our crypto system 



Prime 


Operations 


number's 




order 




10 150 


21064 _ ^ 


10 270 


22040 _ ^ 


10 512 


2 3400 _ 1 


1Q 1024 


2 6808 _ 1 



V. CONCLUSIONS 

The result obtained by x 2 is quite close to that shown in [4]. However, the time required to obtain the encrypted 
image increases significantly as we increase the image size. This also presents a hybrid cryptosystem, but the time required 
for the encryption is significantly much smaller. Although all articles are based on the image histogram, it is sufficiently 
linear to determine if encryption is good enough. The images used for encryption are small compared with the image 
presented in this paper which shows the strength of this hybrid cryptosystem. 

We must also consider safety presented by the use of random number generation which would be very hard to find because 
all the combinations would have to be proved. 

However, the hybrid cryptosystem' s time encryption can still be improved optimizing the operation Q = kP as is 
proposed in [29, 30,31]. 
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